locked
Can a Windows Server 2016 to get update from WSUS 4.0 downstream server? RRS feed

  • Question

  • Hi Experts,

      We have a WSUS 4.0 running on Windows Server 2012 R2 as a downstream server, configuring as replica from the upstream server and the upstream server is WSUS 3.0 SP2 running on Windows Server 2008 R2. Can Windows Server 2016 pointed to WSUS 4.0 to get security update in this environment? Thx

    Friday, October 13, 2017 6:41 AM

Answers

  • Thanks a million for you & Adam advice! However, I just would like to confirm if Windows Server 2016 can get Windows Updates from a WSUS 4.0 downstream server that was synced from WSUS 3.0 SP2 upstream server. Because I just know that Windows Server 2016 cannot work for updates from WSUS 3.0 SP2 directly (https://social.technet.microsoft.com/Forums/windowsserver/en-US/bc7c43f1-3d53-4a69-b0b4-971a1539d107/can-windows-2016-be-updated-using-wsus-30-sp2?forum=winserverwsus) But I don't sure if we can deploy updates for Windows Server 2016 from WSUS 4.0 downstream server.

    That link doesn't say that it won't work from 3.0SP2 to 2016. It says that the upgrade component in 3.0 does not work for Windows 10 machines from 3.0SP2 and that it's highly recommended that you upgrade to 2012 or higher. It should have no problem with passing the information along and letting the 2016 receive the same data, and process it properly due to the enhancements of WSUS on 2012+ and should be fine for approving upgrades to Windows 10 machines.

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Marked as answer by Peter Pan(chn) Tuesday, October 17, 2017 9:25 AM
    Monday, October 16, 2017 4:02 PM

All replies

  • Hi Experts,

      We have a WSUS 4.0 running on Windows Server 2012 R2 as a downstream server, configuring as replica from the upstream server and the upstream server is WSUS 3.0 SP2 running on Windows Server 2008 R2. Can Windows Server 2016 pointed to WSUS 4.0 to get security update in this environment? Thx

    Think differently! Why don't you just switch it around.

    1. Promote the replica to an upstream server by telling it to sync directly with Microsoft
    2. Re-configure the WSUS 3.0 to be a replica of the 2012 WSUS
    3. Then setup Server 2016 as a replica of the 2012 Server, let it replicate
    4. Then promote the replica 2016 server to an upstream
    5. Then change the 2008 and the 2012 to replicas of the 2016 WSUS.

    Then you'll be working from the latest WSUS.

    oh, and then implement my WSUS Maintenance script to keep everything working fast, smooth, and let you have your WSUS Freedom.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Saturday, October 14, 2017 2:14 AM
  • Hello,

    I agree with Adam, you'd batter use Windows Server 2012 R2 as upstream server, (or you may install another Windows Server 2016 as WSUS server, as Windows server 2016 may show up as Windows 10 on Windows Server 2012 WSUS server)and then let Windows Server 2016 point to it for updates. 

    Regards,

    Yan


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 16, 2017 2:28 AM
  • Thanks a million for you & Adam advice! However, I just would like to confirm if Windows Server 2016 can get Windows Updates from a WSUS 4.0 downstream server that was synced from WSUS 3.0 SP2 upstream server. Because I just know that Windows Server 2016 cannot work for updates from WSUS 3.0 SP2 directly (https://social.technet.microsoft.com/Forums/windowsserver/en-US/bc7c43f1-3d53-4a69-b0b4-971a1539d107/can-windows-2016-be-updated-using-wsus-30-sp2?forum=winserverwsus) But I don't sure if we can deploy updates for Windows Server 2016 from WSUS 4.0 downstream server.
    Monday, October 16, 2017 6:55 AM
  • Thanks a million for you & Adam advice! However, I just would like to confirm if Windows Server 2016 can get Windows Updates from a WSUS 4.0 downstream server that was synced from WSUS 3.0 SP2 upstream server. Because I just know that Windows Server 2016 cannot work for updates from WSUS 3.0 SP2 directly (https://social.technet.microsoft.com/Forums/windowsserver/en-US/bc7c43f1-3d53-4a69-b0b4-971a1539d107/can-windows-2016-be-updated-using-wsus-30-sp2?forum=winserverwsus) But I don't sure if we can deploy updates for Windows Server 2016 from WSUS 4.0 downstream server.

    That link doesn't say that it won't work from 3.0SP2 to 2016. It says that the upgrade component in 3.0 does not work for Windows 10 machines from 3.0SP2 and that it's highly recommended that you upgrade to 2012 or higher. It should have no problem with passing the information along and letting the 2016 receive the same data, and process it properly due to the enhancements of WSUS on 2012+ and should be fine for approving upgrades to Windows 10 machines.

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Marked as answer by Peter Pan(chn) Tuesday, October 17, 2017 9:25 AM
    Monday, October 16, 2017 4:02 PM
  • Okay, I got it. Thanks a lot
    Tuesday, October 17, 2017 9:25 AM